
Re: Mirari template



On 2 May 2013, at 08:40, Pierre Chambart <pierre.chambart@xxxxxxxxxxx> wrote:

> On Sun, 31 Mar 2013 23:47:15 +0100,
> Anil Madhavapeddy <anil@xxxxxxxxxx> wrote:
> 
>> The one missing thing in Cohttp/Async is SSL support, which we'll
>> need to add via an stunnel wrapper for now. Dave, is the existing
>> Xapi stunnel code in a library, or do we need to extract it?
> 
> Wouldn't it be easier to do it using ocamlssl like lwt_ssl does? It is
> quite easy. You need to be able to wake up threads when a file
> descriptor is ready for read/write, I haven't verified, but it should
> probably be possible in Async.

I basically don't trust those bindings.  It would be far more robust
to have low-level SSL bindings, and do the higher-level async handling,
entropy generation and certificate callbacks in pure OCaml.  OpenSSL is
also a bit of a beast to compile for an embedded environment like Mirage.

(The long-term aim is to replace the SSL library with a pure OCaml one,
and gradually rewriting the existing bindings as we go along seems like
a good approach).

-anil


 

